WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2017-12160 Vulnerability in maven package org.keycloak:keycloak-services

Description

It was found that Keycloak oauth would permit an authenticated resource to obtain an access/refresh token pair from the authentication server, permitting indefinite usage in the case of permission revocation. An attacker on an already compromised resource could use this flaw to grant himself continued permissions and possibly conduct further attacks.

Remediation

References

https://access.redhat.com/errata/RHSA-2017:2904

https://access.redhat.com/errata/RHSA-2017:2905

https://access.redhat.com/errata/RHSA-2017:2906

https://bugzilla.redhat.com/show_bug.cgi?id=1484154

Related Vulnerabilities

CVE-2015-2156 Vulnerability in maven package io.netty:netty-all

CVE-2019-15482 Vulnerability in npm package selectize-plugin-a11y

CVE-2018-11248 Vulnerability in maven package com.liulishuo.filedownloader:library

CVE-2022-35915 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable

CVE-2020-2201 Vulnerability in maven package org.jenkins-ci.plugins:sonargraph-integration

Severity

High

Classification

CWE-287 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory